UNIVERSITY PARK, Pa. — An international research team including Penn State computer engineers has received a $50,000 Google Faculty Research Award focusing on smartphone application security.
The grant focuses on research into identifying malicious applications on smartphones and other devices. Engineers at Penn State will work with researchers at the Technische Universitat Darmstadt in Germany and the University of Luxembourg.
The Google Faculty Research Award supports cutting-edge research in computer science, computer engineering and related fields. Approximately 200 grants are awarded globally each year.
Patrick McDaniel, professor of computer science and engineering, said the team is developing automated analysis software to help Google and other organizations identify and eliminate malicious software apps found in users' app stores.
Google's Android platform is one of the most popular smartphone operating systems in the world, having been activated on more than 500 million devices. McDaniel said more than 600,000 apps are available in the Google Play app store alone, with approximately 10,000 new apps being added each month.
The computer engineer said the marketplace is flooded with apps that are malware, compromise privacy or are just poorly written. It's impossible for companies such as Google to properly vet each and every app uploaded to the Android marketplace, he stated.
McDaniel said the analysis software will create a map to show how Android apps communicate both internally and with other applications.
The map can then be used to identify malicious behavior and unusual or unintended communication.
“If I have an app that sends email, it uses the built-in address book to find email address,” McDaniel explained. “Part of the problem is we don't really know what apps are doing with the data.”
He cited a 2010 collaboration with researchers at Duke University and Intel Labs where they tested 30 popular Android applications. Of those, 15 apps sent users' geographic information to remote advertising servers. Another seven of the apps collected information such as telephone numbers and SIM card serial numbers.
“These apps are potentially using each others' information without the user knowing it,” he said.